CVE-2012-3094 — Sensitive Information Exposure in Cisco Anyconnect Secure Mobility Client

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 69.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedSep 16

Latest updateMay 17

Description

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client3.1.0

🔴Vulnerability Details

GHSA

GHSA-945c-gxr5-cr85: The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3↗2022-05-17

▶

CVEList

CVE-2012-3094: The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3↗2012-09-16

▶